CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files

Disclosed: 2020-08-27 18:56:37 By demonia To khanacademy

Medium

Vulnerability Details

No vulnerability description provided or it is restricted.

Actions

View on HackerOne

Report Stats

Report ID: 943255
State: Closed
Substate: resolved
Upvotes: 11

Share this report